Add test for empty supported-groups extension

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl#18213)

test/recipes/80-test_ssl_new.t

@@ -28,7 +28,7 @@ map { s/\^// } @conf_files if $^O eq "VMS";
 
 # We hard-code the number of tests to double-check that the globbing above
 # finds all files as expected.
-plan tests => 29;  # = scalar @conf_srcs
+plan tests => 30;  # = scalar @conf_srcs
 
 # Some test results depend on the configuration of enabled protocols. We only
 # verify generated sources in the default configuration.
@@ -70,6 +70,8 @@ my %conf_dependent_tests = (
   "25-cipher.conf" => disabled("poly1305") || disabled("chacha"),
   "27-ticket-appdata.conf" => !$is_default_tls,
   "28-seclevel.conf" => disabled("tls1_2") || $no_ec,
+  "30-supported-groups.conf" => disabled("tls1_2") || disabled("tls1_3")
+                                || $no_ec || $no_ec2m
 );
 
 # Add your test here if it should be skipped for some compile-time

test/ssl-tests/30-supported-groups.conf

@@ -0,0 +1,54 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 2
+
+test-0 = 0-Just a sanity test case
+test-1 = 1-Pass with empty groups with TLS1.2
+# ===========================================================
+
+[0-Just a sanity test case]
+ssl_conf = 0-Just a sanity test case-ssl
+
+[0-Just a sanity test case-ssl]
+server = 0-Just a sanity test case-server
+client = 0-Just a sanity test case-client
+
+[0-Just a sanity test case-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-Just a sanity test case-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-Pass with empty groups with TLS1.2]
+ssl_conf = 1-Pass with empty groups with TLS1.2-ssl
+
+[1-Pass with empty groups with TLS1.2-ssl]
+server = 1-Pass with empty groups with TLS1.2-server
+client = 1-Pass with empty groups with TLS1.2-client
+
+[1-Pass with empty groups with TLS1.2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-Pass with empty groups with TLS1.2-client]
+CipherString = DEFAULT
+Groups = sect163k1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+
+

test/ssl-tests/30-supported-groups.conf.in

@@ -0,0 +1,45 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## SSL test configurations
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests = (
+    {
+        name => "Just a sanity test case",
+        server => { },
+        client => { },
+        test   => { "ExpectedResult" => "Success" },
+    },
+);
+
+our @tests_tls1_3 = (
+    {
+        name => "Fail empty groups with TLS1.3",
+        server => { },
+        client => { "Groups" => "sect163k1" },
+        test   => { "ExpectedResult" => "ClientFail" },
+    },
+);
+
+our @tests_tls1_2 = (
+    {
+        name => "Pass with empty groups with TLS1.2",
+        server => { },
+        client => { "Groups" => "sect163k1",
+                    "MaxProtocol" => "TLSv1.2" },
+        test   => { "ExpectedResult" => "Success" },
+    },
+);
+
+push @tests, @tests_tls1_3 unless disabled("tls1_3")
+                                  || !disabled("ec2m") || disabled("ec");
+push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec");